CVE-2024-0775 : LINUX KERNEL UP TO 6.4-RC1 EXT4 FILE SYSTEM FS/EXT4/SUPER.C __EXT4_REMOUNT USE AFTER FREE
Description A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows
CVE-2023-32272 : INTEL NUC PRO SOFTWARE SUITE CONFIGURATION TOOL PRIOR 3.0.0.6 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow
CVE-2023-40683 : IBM OPENPAGES WITH WATSON 8.3/9.0 IMPROPER AUTHORIZATION
Description IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization
CVE-2024-0646 : LINUX KERNEL TLS /NET/TLS/TLS_SW.C TLS_SW_SENDMSG_SPLICE OUT-OF-BOUNDS WRITE
Description An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user
CVE-2023-50164 : ORACLE MYSQL ENTERPRISE MONITOR 8.0.36 AND PRIOR MONITORING REMOTE CODE EXECUTION
Description An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
‘Rapid Reset’ DDoS Strikes Amplify With HTTP/2 Vulnerability
In recent months, a groundbreaking cyber threat has emerged, shaking the foundations of web security and challenging major cloud infrastructure
CVE-2023-7028 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.7.1 PASSWORD RESET UNKNOWN VULNERABILITY
Description An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to
CVE-2024-0057 : MICROSOFT .NET/.NET FRAMEWORK/VISUAL STUDIO REMOTE CODE EXECUTION
Description NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 For More Information CVERecord
CVE-2023-51441 : APACHE AXIS 1.X SERVICE ADMIN HTTP API SERVICEFACTORY.JAVA SERVER-SIDE REQUEST FORGERY
Description ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin
CVE-2023-6270 : LINUX KERNEL ATA OVER ETHERNET DRIVER AOECMD_CFG_PKTS USE AFTER FREE
Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly
CVE-2023-52314 : PADDLE UP TO 2.5.X CONVERT_SHAPE_COMPARE OS COMMAND INJECTION
Description PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on
2024 Threat Landscape Predictions
As we embark on the horizon of 2024, the cybersecurity landscape is teeming with challenges and opportunities. Recently, a globally
CVE-2024-21623 : MEHAH OTCLIENT SONARCLOUD WORKFLOW /MEHAH/OTCLIENT INJECTION
Description OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is
CVE-2024-0182 : SOURCECODESTER ENGINEERS ONLINE PORTAL 1.0 ADMIN LOGIN /ADMIN/ USERNAME/PASSWORD SQL INJECTION
Description A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is
CVE-2023-7095 : TOTOLINK A7100RU 7.4CU.2313_B20191024 HTTP POST REQUEST CSTECGI.CGI MAIN FLAG BUFFER OVERFLOW
Description A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is
CVE-2023-51656 : APACHE IOTDB UP TO 0.13.4 DESERIALIZATION
Description Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended
CVE-2023-47093 : STORMSHIELD NETWORK SECURITY UP TO 4.3.21/4.6.8/4.7.0 ASQ ENGINE DENIAL OF SERVICE
Description An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a
CVE-2023-6975 : MLFLOW PRIOR 2.9.2 PATH TRAVERSAL
Description A malicious user could use this issue to get command execution on the vulnerable machine and get access to
The Dawn Of Cyber Challenges In Healthcare Security | Prophaze
In a recent case, healthcare teams in Singapore struggled with prolonged online outages due to distributed denial of service (DDoS)
CVE-2023-6817 : LINUX KERNEL UP TO 6.6.X NFT_SET_PIPAPO.C NFT_PIPAPO_WALK USE AFTER FREE
Description A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The
CVE-2023-6483 : ADITAAS ALLIED DIGITAL INTEGRATED TOOL-AS-A-SERVICE UP TO 5.1 BACKEND API IMPROPER AUTHENTICATION
Description The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the
CVE-2023-48371 : ITPISON OMICARD EDM 6.0.1.5 SMS UNRESTRICTED UPLOAD
Description ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker
CVE-2023-45174 : IBM AIX/VIOS QDAEMON COMMAND ACCESS CONTROL
Description IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the